[Open-scap] OpenSCAP 1.0.8 Issue ...
Simon Lukasik
slukasik at redhat.com
Thu May 15 09:39:08 UTC 2014
On 05/14/2014 07:51 PM, Trey Henefield wrote:
>
>
> Thanks Simon! That change does seem to provide the intended result.
>
> For some reason, I had interpreted var_check to mean checking all or at
> least one of the values within the variable array. In this case, I want
> to check all values obtained, so it seemed appropriate.
>
> Thank you for the clarification.
There are two levels for this.
You have correctly concluded that check_existence must be
check_existence="all_exist"
however, the var_check="all" has different meaning. The var_check is on
the object level, while check_existence is on the test level. Var_check
defines which system properties become oval objects. Then the objects
are matched with the state referenced from the test.
In other words, the semantics of your object was: all objects whose
filepath equals to *all* of the list /bin/sh /bin/bash /sbin/nologin
/bin/dash /bin/tcsh /bin/csh.
Best regards,
--
Simon Lukasik
Security Technologies, Red Hat, Inc.
More information about the Open-scap-list
mailing list